As the title says.
Even if the first AuthenticationProvider
call returns UsernamePasswordAuthenticationToken
and authentication is OK, AuthenticationProvider
is called again and authentication fails. The second call will result in authentication failure as the Credentials will be null.
java - spring security custom AuthenticationProvider is called twice and fails - Stack Overflow
Use the one with 3 arguments in the constructor of UsernamePasswordAuthenticationToken </ code>. This will cause ```isAuthenticated ()` `` to return true. This will prevent you from being called twice.